Lucene search
+L

112 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28584

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-38604

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/07 6:33 a.m.9 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

4.3CVSS6.5AI score0.00211EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/09/05 11:1 p.m.7 views

WordPress OceanWP theme < 4.1.2 - Subscriber+ Limited Option Update vulnerability

Subscriber+ Limited Option Update vulnerability discovered by Hamit Cibo in WordPress Theme OceanWP versions 4.1.2...

4.3CVSS7AI score0.00211EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/09/05 6:15 a.m.5 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

4.3CVSS0.00211EPSS
Exploits1References1
OSV
OSV
added 2025/09/05 6:15 a.m.7 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

4.3CVSS5.8AI score0.00211EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/05 6:0 a.m.1 views

CVE-2025-8944 OceanWP < 4.1.2 - Subscriber+ Limited Option Update

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

6AI score0.00211EPSS
Exploits1References1
CVE
CVE
added 2025/09/05 6:0 a.m.22 views

CVE-2025-8944

CVE-2025-8944 affects the OceanWP WordPress theme prior to 4.1.2. A missing capability check in an AJAX request handler allows any authenticated user (e.g., a subscriber) to update the darkMod setting. The issue is rooted in insufficient access control within the theme’s option update flow. Remed...

4.3CVSS6AI score0.00211EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/09/05 6:0 a.m.10 views

CVE-2025-8944 OceanWP < 4.1.2 - Subscriber+ Limited Option Update

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

0.00211EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.5 views

PT-2025-36114

Name of the Vulnerable Software and Affected Versions OceanWP WordPress theme versions prior to 4.1.2 Description The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even...

4.3CVSS5.3AI score0.00211EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.3 views

WordPress plugin OceanWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS6.3AI score0.00211EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/09/05 12:0 a.m.8 views

WordPress OceanWP Theme < 4.1.2 is vulnerable to Settings Change

Software OceanWP Type Theme Vulnerable versions 4.1.2 Fixed in 4.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2025-8944 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e2cdad6661d0 Credits Hamit Cibo Required...

4.3CVSS6AI score0.00211EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/01 5:27 a.m.6 views

CVE-2025-9499

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2025/08/30 5:15 a.m.5 views

CVE-2025-9499

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00232EPSS
Exploits0References4
CVE
CVE
added 2025/08/30 4:25 a.m.22 views

CVE-2025-9499

CVE-2025-9499 refers to a Stored Cross‑Site Scripting vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.9). The issue stems from insufficient input sanitization and output escaping in the oceanwp_library shortcode, enabling an authenticated attacker with contribu...

6.4CVSS4.7AI score0.00232EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/30 12:0 a.m.10 views

PT-2025-35344

Name of the Vulnerable Software and Affected Versions: Ocean Extra plugin for WordPress versions through 2.4.9 Description: The Ocean Extra plugin for WordPress is susceptible to Stored Cross-Site Scripting via the oceanwp library shortcode due to insufficient input sanitization and output escapi...

6.4CVSS5.1AI score0.00232EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/15 4:34 a.m.9 views

CVE-2025-8891

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

4.3CVSS6.7AI score0.00205EPSS
Exploits1References1
NVD
NVD
added 2025/08/13 4:16 a.m.11 views

CVE-2025-8891

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

4.3CVSS0.00205EPSS
Exploits1References3
OSV
OSV
added 2025/08/13 4:16 a.m.4 views

CVE-2025-8891

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

4.3CVSS5.6AI score0.00205EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/13 3:42 a.m.6 views

CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

4.3CVSS6.7AI score0.00205EPSS
Exploits1References3
Rows per page
Query Builder